Support » Plugin: BuddyPress Group Tags » Security Bug in BP Group Tags 2.0.3

  • HansRuedi Keller

    (@schwarzaufweiss)


    I’m using BP 1.6.4 together with Group Tags 2.0.3 and found the following bug:

    If you have a *hidden* BP Group and that hidden group has a group tag also belonging to a private group a *logged_in* member of the community is able to see that hidden group when he’s not member of that hidden group! It’s not the case if somebody is not logged in.

    What’s the way to see the group? Click on a tag link (group header or widget cloud) or directly alter the URL (/groups/tag/blabla/) and you will get that hidden group in group directory. Click on the group name goes to 404 – but the group is not hidden that moment.

    Workaround: don’t use group tags for hidden groups or wait for an update…

    http://wordpress.org/extend/plugins/buddypress-group-tags/

Viewing 1 replies (of 1 total)
  • Plugin Author Dwenaus

    (@dwenaus)

    I’ll check this out. thanks for posting it.

Viewing 1 replies (of 1 total)
  • The topic ‘Security Bug in BP Group Tags 2.0.3’ is closed to new replies.